Bug 1413137 (CVE-2017-2590)
Summary: | CVE-2017-2590 ipa: Insufficient permission check for ca-del, ca-disable and ca-enable commands | ||
---|---|---|---|
Product: | [Other] Security Response | Reporter: | Andrej Nemec <anemec> |
Component: | vulnerability | Assignee: | Red Hat Product Security <security-response-team> |
Status: | CLOSED ERRATA | QA Contact: | |
Severity: | medium | Docs Contact: | |
Priority: | medium | ||
Version: | unspecified | CC: | dkholia, ftweedal, jcholast, ksiddiqu, nsoman, pvoborni, rcritten, security-response-team |
Target Milestone: | --- | Keywords: | Security |
Target Release: | --- | ||
Hardware: | All | ||
OS: | Linux | ||
Whiteboard: | |||
Fixed In Version: | ipa 4.4 | Doc Type: | If docs needed, set a value |
Doc Text: |
It was found that IdM's ca-del, ca-disable, and ca-enable commands did not properly check the user's permissions while modifying CAs in Dogtag. An authenticated, unauthorized attacker could use this flaw to delete, disable, or enable CAs causing various denial of service problems with certificate issuance, OCSP signing, and deletion of secret keys.
|
Story Points: | --- |
Clone Of: | Environment: | ||
Last Closed: | 2017-03-09 18:47:11 UTC | Type: | --- |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: | |||
Bug Depends On: | 1414653, 1414703, 1427094 | ||
Bug Blocks: | 1413140 |
Description
Andrej Nemec
2017-01-13 17:37:22 UTC
Acknowledgments: Name: Fraser Tweedale (Red Hat) Created freeipa tracking bugs for this issue: Affects: fedora-all [bug 1427094] Fixed upstream: master: https://pagure.io/freeipa/c/b81ac59640f0b76fa9f53cf8be441f085a7089c4?branch=master ipa-4-4: https://pagure.io/freeipa/c/1aa314c79648c442473f19344387bfe11ec2141b?branch=ipa-4-4 This issue has been addressed in the following products: Red Hat Enterprise Linux 7 Via RHSA-2017:0388 https://rhn.redhat.com/errata/RHSA-2017-0388.html |